TWI508491B - Integrated switch tap arrangement with visual display arrangement and methods thereof - Google Patents

Description

Integrated switch splitter configuration with visual display configuration and method thereof

The present invention relates to configurations in network devices used to monitor network traffic.

Interactive related string request

The present invention is related to the following application, and the present application is hereby incorporated by reference in its entirety in its entirety by reference in its entirety in the entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire entire content The US application for the transfer "Intelligent Communications Network Tap Port Aggregator".

Telecommunications networks have long been used to facilitate communication between geographically dispersed users. The communication may include the transmission of data packets, such as data and voice packets, between a plurality of network devices, such as routers and switches. In today's business environment, a company's network can perform an important function in enabling the company to conduct business. A company's network can have multiple routers and/or switches that are connected together. In large companies, the number of routers and/or switches can easily be increased to a few hundred. In order to manage the company's network in order to ensure that the network is fully operational, Information Technology (IT) personnel can ensure that each router and / or switch is properly executed.

A conventional method for monitoring a network may include logging into the network system to extract statistics relating to each router and/or switch. A less labor intensive method may include: using a monitoring tool that extracts statistics; and analyzing the application using one of the statistics that can be analyzed. Even so, it is not easy to obtain this statistic, and information technology (IT) personnel still need to log into the network system and / or routers and / or switches to access the information.

In addition, IT personnel such as technicians may not necessarily have access to the statistics that the IT staff may need in order to perform their maintenance and monitoring of the health of the network system. In a typical network environment, some servers may contain extremely sensitive information. Therefore, not everyone in the IT department has access to every level of the network. Therefore, in order to access statistics, authorization may be required.

In one embodiment, the invention relates to a configuration in a network device for monitoring network traffic. The configuration includes a set of network ports, a set of input networks for receiving the network traffic, and a set of output networks for outputting the network traffic from the network device. The configuration also includes a switch wafer, wherein the switch chip is at least configured to analyze the network traffic. The configuration further includes a set of monitoring ports configured to receive the network traffic from the set of network ports. The configuration further includes a shunt module configured to: at least intercept at least a portion of the network traffic flowing through the network device, and forward at least a portion of the network traffic to the set of monitoring ports At least one monitor.

The above summary is only one of the many embodiments of the present invention disclosed in the specification, and the invention is not intended to limit the scope of the invention, but the invention will be described in the scope of the present application. The scope. These and other features of the present invention are described in more detail below in the embodiments of the present invention in conjunction with the drawings.

The invention will now be described in detail with reference to some embodiments of the invention illustrated in the drawings. In the following description, numerous specific details are set forth in order to provide a However, it will be apparent to those skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known procedural steps and/or structures are not described in detail so as not to obscure the invention.

Various embodiments including methods and techniques are described below in this specification. It should be borne in mind that the present invention may also encompass an article of manufacture comprising a computer readable medium storing computer readable instructions for performing embodiments of the present technology. The computer readable medium can include computer readable media such as semiconductor, magnetic, magneto-optical, optical, or other forms for storing computer readable codes. Furthermore, the invention may also encompass apparatus for practicing embodiments of the invention. Such devices may include dedicated and/or programmable circuitry for performing work related to embodiments of the present invention. Examples of such devices include general purpose computers and/or specialized computing devices that have been suitably programmed, and may include computer/computing devices and combinations of special/programmable circuits suitable for various tasks associated with embodiments of the present invention. .

As mentioned previously, a network can include a plurality of network devices. Each network device can store statistics relating to data traffic (eg, data traffic of data, media, voice, etc.) that can flow through the device. To monitor activity on the network, a monitoring system can be employed.

To aid in the description, Figure 1 of the prior art shows a simple network diagram with a network splitter. In the description of this specification, a network tap is an example of a network device that can be used to monitor activity on a network link. A network configuration 100 can include a set of network devices, such as an Ethernet switch 102 and an Ethernet router 104, for facilitating the transmission of data packet flows. The network configuration 100 can also include a network splitter 106 that can be placed side by side on the two network devices (the Ethernet switch 102 and the Ethernet router 104). A network link (as shown by paths 108 and 114). In one example, the data packet stream may be uplinked from the Ethernet switch 102 along the path 108 to a 110, to a 112, and out to the Ethernet router 104 via the path 114. Likewise, data from the Ethernet router 104 can go up the path 114 to 埠 112, and then to the Ethernet switch 102 via the 埠 110 and along the path 108.

Network tap 106 can be used as a bridge between Ethernet switch 102 and Ethernet router 104. Monitoring of data traffic between the Ethernet switch 102 and the Ethernet router 104 can be performed by employing the network tap 106. Network tap 106 can be a dual-monitoring configuration. In one example, the data packet stream received by the UI 110 can be copied and forwarded to a monitoring device 118 via a buffer 116. Similarly, the data packet stream received by the UI 112 can be copied and forwarded to a monitoring device 122 via a buffer 120. Examples of the monitoring device may be a device such as a personal computer (PC), an intrusion detector, a network analyzer, and an intrusion prevention system.

To understand the manner in which the network splitter works, Figure 2 of the prior art shows a schematic diagram of a network splitter. Network tap 200 can include a PHY (Physical Interface Layer) chip 202, which can be an Ethernet transceiver. In the description of this specification, a PHY chip means a wafer that can be used to receive and transmit a signal that can include a data packet. One of the media ends 204 of the PHY die 202 can connect the PHY die 202 to the physical ports (206, 208, 210, and 212) of the network tap 200. In one example, the data packet stream can be received on a buffer 206 and streamed to the PHY wafer 202 along a line 214. The data packet stream is typically received as a type of signal.

The data packet stream from port 206 can travel through path 218 through PHY die 202 and out on a Media Access Controller (MAC) end 216 of PHY die 202. The PHY die 202 can be used to first convert the analog signal to a digital signal and then transmit the signal out at the MAC end 216. The data packet stream can be looped back to the PHY wafer 202 via a bus bar 220 and traveled to the port 208 via a path 222. Similarly, a bus bar 224 can be used to return the data packet flow loop from port 208 to port 206. In one example, the bus bar that can be used to return the data loops between the cells can be a simplified Reduced Gigabit Media Independent Interface (RGMII).

Network tap 200 can also include a passive circuit 226. The passive circuit 226 can include a switch 228 that can be closed to create a bypass path between the bore 206 and the bore 208 when there is no power.

For monitoring purposes, the received data packet stream can be copied and transmitted to the monitoring devices on the ports 210 and 212. In one example, the data packet stream received by the UI 206 can be transmitted via the PHY wafer 202. The PHY chip 202 may first convert the data packet stream from analog to digital before transmitting the data packet stream on the MAC end 216. A copy of the data packet stream can be transmitted back to the monitoring port 210 via the PHY wafer 202 along a line 230. Note that when the digital data packet is popularized through the PHY die 202, the PHY die 202 can convert the data packet stream back to an analog signal. Similarly, the data packet stream received by 埠208 can be transmitted to a buffer 212 via a line 232.

As can be appreciated from the foregoing, a monitoring system such as the monitoring system described above with reference to Figures 1 and 2 can collect a plurality of statistics relating to a company's network. However, it is not easy to get this statistic. In one example, in order to retrieve the statistic, the IT staff may need to log into the system in order to access the data.

In one aspect of the present invention, the inventors have understood here that if it is easy to obtain network data, the time taken by IT personnel to retrieve statistics for performing maintenance and monitoring can be greatly shortened. Therefore, it would be desirable to provide a convenient way to access network data, especially at a glance. The inventor understands here that if the data is displayed visually, the IT staff can quickly access the health of each component of the network without having to log into the system in order to retrieve the information. In addition, by visually displaying the information, IT personnel can support network devices that may be associated with extremely sensitive information without having to gain access to a server that may store the extremely sensitive information.

In accordance with an embodiment of the present invention, a network device having a visual performance display configuration is provided. Embodiments of the present invention also include methods for calculating and displaying network usage. In the description of this specification, the usage rate means the actual transmission rate of a network.

In this document, usage rates are used as an example to illustrate the various embodiments. However, the invention is not limited to usage rates and may include any network parameters. The descriptions are intended to be illustrative, and the invention is not limited to the examples shown.

Moreover, in this document, various embodiments may be described with the dual network splitter as an example. However, the invention is not limited to dual-wire network splitters and may include other network devices such as port aggregation shunts, bypass switches, regeneration taps, and matrix switches. The descriptions are intended to be illustrative, and the invention is not limited to the examples shown.

In an embodiment of the invention, a network device having a visual performance display configuration for displaying extremely important network parameters can be provided. Examples of network parameters may include, but are not limited to, network parameters such as instantaneous usage of network capacity, average usage, peak peaks of traffic spikes, traffic types, and fault conditions. In an embodiment, the network parameters for each UI can be displayed. These network parameters can be displayed in text and/or graphical form. As can be seen from the foregoing description, these network parameters can be displayed visually without the need for IT personnel to log in to retrieve data, thereby increasing the efficiency of IT staff and reducing the response time required to handle network anomalies.

As you can see from the previous description, you can get multiple network parameters. In an embodiment of the invention, a logic configuration (eg, a Field-Programmable Gate Array (FPGA), an Application-specific Integrated Circuit (ASIC)) And a logical configuration of a Complex Programmable Logic Device (CPLD) to analyze the network parameters and generate statistics. As can be appreciated from the foregoing description, this logical configuration that can be used to perform analysis and calculate statistics can be changed based on manufacturing preferences. In an example, the logic configuration can include a single programmable component (such as an FPGA). In another example, the logical configuration can be a set of programmable components (such as a set of FPGAs), where each programmable component is configured to perform different functions. In yet another embodiment, the logical configuration can include a set of programmable components (such as a set of FPGAs) and a set of programmable digital electronic components (such as a set of microprocessors).

One of the states that is usually used to quickly determine a state of the network is the usage rate. To determine usage, the logical configuration can be configured to contain a set of counters for each frame. In one embodiment, a first counter can be used to track each instance of a valid data packet received. The RX_DV signal from one of the RGMII bus bars connected to one of the MAC terminals of a PHY can extract the data of the valid data packet. RX_DV is a control signal that can indicate a valid data packet being received. In one example, the RX_DV signal can be triggered (ie, enter a high level) when a valid data packet is received, and the RX_DV signal can enter a low level when the transmission has been completed. Therefore, the logic configuration can analyze the RX_DV signal to identify the valid data time period.

In an embodiment, a second counter can be used to track the number of bytes received. The byte data can be extracted from an RX_CLK signal of an RGMII bus. In one embodiment, for a one billion bit Ethernet device, the RX_CLK signal is a 125 megahertz clock transmitted at double rate. In other words, for each clock cycle (up and down), two bytes are received.

To identify the number of bytes that can be received during a valid data time, the logic configuration can correlate the RX_DV signal with the RX_CLK signal. When the number of bytes is known, the logical configuration can then convert the information from the byte into bit information. In other words, if 7 bytes of a valid data packet are received, the logical configuration can multiply the number of received byte groups by 8, and convert the bits into bits, thus obtaining 56 bits. .

In addition, this logical configuration normalizes the data. In one example, a monitoring period can be every second, but the data collected by the counter can be collected on every 1/10 of a second. In the above example, the 56 bits can be normalized to 560 bits per second. The normalized data indicates the amount of data actually received. To determine usage, the logic configuration divides the actual rate of received data by the line rate that a network device can carry. In this example, for a billion-element Ethernet device capable of transmitting up to 1 billion bits of data, receiving data only at a rate of 560 bits per second may be a cause for concern. By showing usage rates for easy viewing, IT staff can quickly solve problems.

The features and advantages of the present invention will become more apparent from the description and appended claims.

Figure 3A shows a simplified block diagram of a network splitter having a visual performance display configuration in an embodiment of the invention.

A network splitter 300 can include 埠 302 and 埠 304. As mentioned earlier, a network tap can be used to monitor the data traffic of a network. We should be aware that network taps can perform their monitoring functions without interfering with normal data traffic. In other words, the data flow portion can flow between the ports 302 and 304 without interruption, regardless of whether or not there is power to the circuit of the network shunt 300. In one example, data traffic may flow into port 302 and flow to an Ethernet transceiver, such as PHY 306, and flow out through port 304. Thus, regardless of whether the network tap 300 is performing its monitoring function, data traffic can continue to flow between the ports.

However, if power is supplied to enable network tap 300 to perform its monitoring function, the same data traffic that can flow into and received by PHY 306 can be replicated. In an embodiment, an RGMII bus 308, for example, can be configured to direct the copy of the data stream to the monitoring devices. Those skilled in the art will appreciate that the RGMII bus 308 can include a plurality of signals including, but not limited to, RX_CLK, RX_DV, GTX_CLK, TX_EN, RXD[3:0], and TXD[3:0]. In one embodiment, two signals, such as an RX_CLK signal 350 and an RX_DV signal 352 (as shown in FIG. 3B), may be extracted from the RGMII bus 308, and the two signals are transmitted along a path. To a logical configuration such as a field programmable gate array (FPGA) 312. The FPGA 312 can include intelligence to determine when the data on the RGMII bus 308 is valid based on the two signals (RX_CLK and RX_DV).

FPGA 312 can include 2 counters per counter (counter 314, counter 316, counter 318, and counter 320). In an embodiment, counter 314 can be associated with RX_DV signal 352 and counter 314 can be incremented each time a valid material is present. In an example, when 埠 302 receives a data packet, counter 314 can be incremented by one.

In another embodiment, counter 316 can be associated with RX_CLK signal 350 and can increment counter 316 upon receipt of each byte. The FPGA 312 can use the RX_CLK signal 350 as a clock to measure the number of bytes that can be received during a valid data time. In a one billionth Ethernet network, the RX_CLK signal 350 is a 125 megahertz clock. Since the RX_CLK signal 350 can be a control signal from the RGMII bus 308, it is assumed that two bytes are received in each clock cycle. In other words, on each falling edge or rising edge (360, 362, 364, 366, 368, 370, and 372), a one-tuple is received.

In order to determine the number of bytes that are received during a valid data time, the FPGA 312 can combine the two control signals.

In one example, the RX_DV signal 352 can be triggered (ie, enter a high level) when a data packet is received. In other words, when the RX_DV signal 352 is at a high level (as indicated by shaded portion 354), a valid data packet is received. In an embodiment, the time period between the rising edge 356 and the falling edge 358 may indicate the valid data time period.

While the RX_DV signal 352 can be used to indicate when the data is valid, the RX_DV signal 352 does not provide information regarding the byte size of the incoming data packet. Because the number of bytes per packet is unknown, the RX_CLK signal 350 can be used to determine the number of bytes in a valid data packet. Those skilled in the art will appreciate that for an RGMII bus, data is transmitted on each rising clock and each falling clock of the 125 megahertz clock. Therefore, by calculating the number of rising and falling edges (360, 362, 364, 366, 368, 370, and 372) of the RX_CLK signal 350 when the RX_DV signal 352 is triggered, it is possible to determine each valid data time period. The number of bytes.

Once the counters in the FPGA 312 have collected the data and have correlated the two signals to determine the number of significant bytes during each valid data time period, the usage rate can be determined. In an embodiment, the logical configuration can include one or more programmable components. In one example, the same FPGA 312 can perform the analysis. In another example, FPGA 312 can forward the collected data to another programmable component, such as a microprocessor 322, in the logical configuration to determine the usage rate. As can be appreciated from the foregoing description, the calculation of the usage rate may depend on the network device that has been employed. In one example, for a one billion bit Ethernet network, the number of bytes collected during a valid data time period must be divided by one billion bits to determine the actual usage rate.

In one embodiment, once the usage rate is determined, the usage rate can be forwarded along a path 324 to display the usage rate on a visual display 326 of the network splitter 300. As can be seen from the foregoing description, in addition to being displayed, the usage rate can be distributed by other methods, for example, transmitting the statistics to a remote user in the form of a report, or forwarding the data to an application. The program is for analysis. Therefore, as can be seen from the foregoing description, since the data can be accessed from a remote location, monitoring can be performed off-site, enabling IT personnel to have more flexibility in performing their work to maintain full-featured operation of the network.

As shown in Figures 3A and 3B, the logic configuration such as FPGA and microprocessor can calculate the usage rate of a network by extracting relevant control signals from the bus bar. By showing the usage rate, IT staff can easily view the data without having to log in to the network system in order to retrieve the data. In addition to viewing real-time data, the visual performance display configuration can also display historical trends such as maximum traffic spikes to assist IT personnel in maintaining and monitoring the network. As can be appreciated from the foregoing description, by visually obtaining the data, the need to access the authorization code of the network device associated with the extremely sensitive information can be substantially eliminated. As a result, low-level IT staff can perform their jobs, and companies don't have to worry about unauthorized users getting confidential information.

Figure 4 shows a simplified flow chart of one method for calculating usage in an embodiment of the invention. Figure 4 will be described with reference to Figures 3A and 3B to provide an illustration of the manner in which the steps are performed. Consideration will be given to the case where a valid data packet has been received by 埠 302.

In a first step 402, a logic configuration can detect a valid data time period on an RX_DV signal. In an example, FPGA 312 can analyze RX_DV signal 352 to determine a rising edge 356 that can indicate a valid data time period 354. As mentioned earlier, only one data packet is received during each valid data period. Thus, counter 314 can increment the count by one to indicate a new valid data time period.

In a next step 404, the logic configuration can calculate the number of rising and falling edges on an RX_CLK signal. To determine which portion of the RX_CLK signal to count, FPGA 312 can correlate RX_CLK signal 350 with RX_DV signal 352 to determine the number of rising and falling edges. In one example, during the active data time period 354, seven bytes are collected based on the rising and falling edges (360, 362, 364, 366, 368, 370, and 372) of the RX_CLK signal 350.

In a next step 406, the number of bytes is converted to the number of bits. Once the FPGA 312 determines the number of bytes collected, the FPGA 312 can forward the data to the microprocessor 322. Since the network device is a one billion bit Ethernet device, the microprocessor 322 can first convert the number of bytes into the number of bits. Those familiar with the technology can understand that each tuple has 8 bits. Thus, the number of significant bits in the active data time period 354 can be 56 bits (eg, 7 bytes x 8 bits).

In a next step 408, the usage rate can be calculated. Microprocessor 322 may normalize the data prior to calculating usage. In one example, 56 bits have been transmitted in every 1/10 of a second. However, a collection cycle can occur every second. Therefore, in each second, 560 bits can be transmitted.

Once the data is normalized, the logical configuration can calculate usage. The usage rate can be calculated by dividing the actual number of bits per second by the number of bits per second that a line can carry. In this example, because the network device is a one billion bit Ethernet device, the microprocessor can divide the normalized number by one billion bits to determine the usage rate.

As can be understood from the foregoing description, the same procedure as described in FIG. 4 can also be applied to, for example, a Gigabit Media Independent Interface (GMII), etc., such as RX_DV and RX_CLK, which can be used to calculate usage. Other bus lines for control signals.

Figure 5 illustrates an example of a network device having a visual performance display configuration in an embodiment of the present invention. A network device 500 can include a plurality of ports. In this example, network device 500 can include two network ports (502 and 504) and two monitoring ports (506 and 508). As can be seen from the foregoing description, the network device can be any device capable of directing Ethernet traffic. Therefore, the network device 500 can be a router, a switch, and a network splitter.

A visual display configuration 510 can also be coupled to the network device 500. In an example, the visual display configuration can be a liquid crystal display (LCD) screen. As can be appreciated from the foregoing description, the size of the visual display configuration may depend on the manufacturer's configuration preferences. In one example, the size of the LCD screen can depend on the size of the network device.

As can be seen from the foregoing description, the network parameters that can be displayed on the visual display configuration can be information that assists the IT staff in performing their maintenance and monitoring of the corporate network. While usage has been used as an example of implementing a network device with a visual performance display configuration, other network data parameters may also be shown. Examples of types of technical and diagnostic data to be displayed may include, but are not limited to, the degree of immediate use of each path of a network link, the size and timing of maximum traffic spikes, and the simple network of system/link/power Management Protocol (SNMP) traps, average usage percentage of network capacity, total packet count, and data types such as total bytes.

In an embodiment, the network material may be periodically updated to visually display the instant material. In another embodiment, the displayed network parameters can be cycled. In other words, the amount of data parameters that can be viewed can be limited to the visual display configuration. In order to be able to view different data parameters, different methods can be used to determine when network data can be recycled. In an example, the data parameters can be displayed during a predetermined time period. In another example, a control component such as a button or a scroll wheel can be used to enable the IT staff to select the desired data parameters.

As can be seen from the foregoing description, the mode in which the data parameters can be displayed can be changed. In one example, the network material can be displayed in the form of text. In another example, the network material can be displayed graphically (eg, a graph of a chart, a bar chart, etc.).

As can be appreciated from the foregoing description, one or more embodiments of the present invention provide methods and apparatus for displaying network parameters on a network device. By displaying these network parameters, IT personnel can obtain instant network data parameters on the network device. Therefore, efficiency and cost can be improved by visually obtaining network data parameters.

In an interconnected environment, such as a corporate network or the Internet, a large number of data packets are exchanged each day. To facilitate the exchange of data packets over a network, a network device such as a Layer 2 or Layer 3 network switch can be employed. A network switch is usually a high-density device that can direct very large network traffic. Because a large amount of network traffic can flow through a single network switch, the ability to monitor network traffic can manage network health (eg, ensure reliable performance, perform fault detection, and detect unauthorized A tool for the activity) is provided to the manager.

One configuration implemented to enable monitoring includes the use of a mirror port. In the description of this specification, mirroring means a trick that has been configured to receive a copy of network traffic from a plurality of sources. To facilitate the explanation, FIG. 6 shows a simple block diagram of a switching device having a mirroring function. A network switch 600 can include a plurality of sources (606, 608, 610, 612, 614, 616, 618, 620) configured to: receive a data packet, determine a destination, and forward the And other data packets. In an example, source 606 can receive a data packet. An exchange chip 604 analyzes the data packet and may determine that the data packet will be forwarded to its destination via an upper chain (e.g., an upper chain of 630, 632, etc.).

Network switch 600 can also include a mirror port 622 that can be coupled to a monitoring tool 624, such as a computer system. In one example, the data packets received by the switch wafer 604 can be copied and forwarded to the monitoring tool 624 via the mirror port 622. Because data traffic from multiple sources flows into a single mirror (622), network traffic congestion can occur. To mitigate network traffic congestion of mirror port 622, switch fabric 604 can have a built-in filtering function.

In one example, source 606 can receive a data packet of one billion bytes. However, approximately 300 million bytes of data packets may contain errors. Prior to copying the data packet, the swap chip 604 may first filter the data packet and remove portions of the data packet that may contain errors. Therefore, only a portion of the data packet is forwarded to the mirror 622. Thus, the data packets visible to the monitoring tool 624 are limited to network traffic that is replicated and forwarded via the mirror port 622. Since the error portion of the data packet has been filtered out, the error portion will not be used for analysis.

However, even if the wrong part of the data packet is filtered out, network traffic congestion may continue to be a problem. Therefore, the swap chip 604 may have to discard additional data packets in order to minimize and/or prevent network traffic congestion. Therefore, the ability of monitoring tool 624 to perform its monitoring is dependent on the network switch.

In order for the swap chip 604 to perform the mirroring function, a large amount of processing may be required. In some cases, swap chip 604 can use 20-30% of the processing power of a central processing unit (CPU) 602 to perform the mirroring function. Because the mirroring function is considered a non-critical function of the network switch 600, when the CPU 602 is overloaded, the mirroring function may be a function that can be turned off first to enable the network switch 600 to perform its network traffic routing. The main function. Thus, the loss of mirroring functionality prevents the administrator from monitoring network traffic because a copy of the network traffic is not forwarded to the monitoring tool 624 via the mirror 622.

An alternative prior art solution for monitoring network traffic, especially when the network switch is not mirrored, is to connect an external network tap as a side-by-side setup to a network switch. Figure 7 shows a simplified block diagram of a network switch having an external side-by-side split configuration. A network switch 700 can include a plurality of source ports (sources 702, 704, 706, etc.) configured to receive data packets, determine destinations, and forward the data packets. In one example, network traffic may flow into a source 702 and flow out of an uplink (708, 710).

To monitor traffic, an external side-by-side shunt, such as a shunt 716, can be coupled to the uplink 708 to monitor the flow of data from the uplink 708 to a router such as a router 722. The splitter 716 can include two network ports (718 and 720) configured to receive and forward network traffic. In an example, the network 718 is configured to receive data packets from the uplink 708 and to transmit the data packets to the uplink 708. Likewise, the network port 720 is configured to receive/transmit data packets from/to the router 722. Network traffic flowing through splitter 716 is replicated and forwarded to a set of monitoring tools 728 via a monitoring port (724 or 726). In an example, source 702 receives network traffic. The network traffic is forwarded to a switch wafer (not shown). In this network switched configuration, the swap chip may not have mirroring functionality. Therefore, the network traffic received by the switch chip will eventually be transmitted via one of the upper chains.

The network traffic flowing through the splitter 716 is bidirectional. In other words, the shunt 716 can receive the network taps from the network switch 700 and the router 722. Thus, when data is copied and forwarded to the monitoring ports, the amount of data flowing through the splitter 716 can cause traffic congestion. Due to traffic congestion, some data packets can be discarded until traffic congestion is reduced.

As can be seen from Figure 7, a network switch with an external side-by-side split configuration requires interconnection of multiple network devices. Because these network devices may have different brands and models, the setup and maintenance of the network may become quite complicated. In addition, in order to accommodate network switches with external partial stream configurations, more physical space will be required.

Prior art monitoring configurations for network switching devices have several drawbacks. For a network switch with a mirror, the user has little or no control over the type of data packets that can be seen. Instead, the network switch can have built-in logic for defining rules for discarding data packets. In addition, the mirroring function requires a lot of resources and may cause the network switch's CPU to be overloaded. Because the mirroring function is a primary function of the network switch, the mirroring function may be turned off to preserve the primary function of the network switch (guiding network traffic), thereby terminating traffic to the monitoring device.

In this second monitoring configuration, a network switch with external side-by-side shunts provides a monitoring configuration that is turned off without being affected when the processor of the network switch is overloaded. However, the shunt monitoring configuration may still have data loss due to network traffic congestion. In addition, the shunt monitoring configuration requires more physical space because the shunt monitoring configuration may require more network devices to perform the same monitoring functions as mirrored network switches. In addition, this external side-by-side shunt configuration may result in higher power consumption. Considering that this configuration is a separate solution, this external partial stream configuration may require more resources.

In accordance with an embodiment of the present invention, an integrated switch split configuration capable of monitoring network traffic within a single device is provided. Embodiments of the invention include integrating a shunt module into a switching device to perform a monitoring function. The shunt module can be configured to intercept data traffic flowing to a set of uplinks. The intercepted data can be copied and forwarded to a set of surveillance files.

In an embodiment of the invention, the shunt module can include filtering logic. Unlike prior art, the user can configure the filtering logic to allow the user to determine the type of data packet that can be monitored. Additionally or alternatively, the filtering logic may also allow the user to define the type of data packet that a monitoring tool can receive.

In an embodiment, the integrated switch split configuration can include two CPUs. This primary CPU is used to perform functions typically associated with traditional network switches. The CPU may be reserved for execution of the work performed by the shunt module, for example, by executing the filtering logic. Providing a CPU once will substantially eliminate the possibility of losing visibility of network traffic because the monitoring and filtering functions have been separated from the routing function.

In another embodiment, the integrated switch split configuration can include a buffer component. Because network traffic is bidirectional (in and out of each uplink), the amount of network traffic that can be forwarded to a group of monitored ports can be greater than the amount that the group of monitors can handle. In order to handle the potential network traffic congestion of the group of monitors, a buffer component can be placed between the shunt module and the set of monitors, thereby enabling the buffer component to buffer the network when network traffic congestion may occur. flow. Thus, when a buffer assembly is provided, the risk of discarded data packets can be substantially reduced and/or minimized.

The features and advantages of the present invention will become more apparent from the description and appended claims.

Figure 8 shows a simplified overall view of a network switch having an integrated shunt configuration in one embodiment of the invention. An integrated switch offload device 800 can include a plurality of network ports (806, 808, 810, 812, 814, 816, 818, 820, 822, 824, 826, and 828). Each of the network ports is configured to be bidirectional, so each port can have one of the incoming traffic ports for receiving incoming traffic and one of the traffic used to forward the outgoing network. port. After receiving a data packet, the input network can forward the data packet to a switch wafer 804. After analyzing and determining the destination of the data packet, the swap chip 804 can forward the data packet to one of the upper chains (836 and 838).

In one embodiment, to facilitate monitoring of network traffic flowing through the integrated switch splitter 800, a shunt module 830 can be included in a built-in component. The shunt module 830 can be configured to intercept the data traffic and copy the data traffic to forward the data traffic to one of the monitoring ports, such as the monitoring ports 840 and 842. In an embodiment, the shunt module 830 can include a filtering function. Unlike previous prior art solutions with mirroring switching devices, the user can configure the filtering functionality built into the shunt 830.

In one example, the user may be interested in network traffic that may flow through the network device via a particular source, and is interested in whether the data packet contains errors. However, in the prior art, a swap chip with mirroring functionality may be configured to filter out any errors that may occur in network traffic; therefore, the user may not have an opportunity to analyze possible errors. Unlike the prior art, the shunt module 830 includes a user configurable filtering function that allows the user to define the type of data packets that they may want to monitor or may wish to discard. Thus, without being subject to the settings of the switching device, the user can now control the type of data packets that can be transferred to a monitoring tool for analysis.

In one embodiment, the shunt module 830 can include a processor, thereby enabling the shunt module 830 to perform processing without the use of a main processor (CPU 802) of the integrated switch shunt device 800. Since the monitoring and filtering functions are now performed by the shunt module 830 instead of the swap chip 804, the risk of overloading the CPU 802 is minimized because the CPU 802 does not have to handle additional functions such as mirroring. Even though the CPU 802 is overloaded and other secondary functions are turned off in order to preserve the primary function of the network switch, the shunt module 830 can continue to perform its monitoring and filtering functions because the shunt module 830 has its own independent processor. .

In one embodiment, the shunt module 830 can be disposed between the exchange wafer 804 and one or more upper chains (836 and 838). By placing the shunt module 830 between the switch chip and the set of upper chains, the shunt module 830 can intercept network traffic transmitted between the switch wafer 804 and the upper chains. In an embodiment, an integrated switch splitter 800 can include a plurality of split modules. In one example, for each winding chain, a shunt module can be associated with the winding chain. For example, in one embodiment, a shunt module can be associated with a first bobbin, and a second shunt module can be associated with a second bobbin (not shown).

In yet another embodiment, a single shunt module can be used to monitor network traffic flowing into more than one uplink. In one example, a single shunt module can be configured to simultaneously process network traffic flowing into the uplink 836 and the uplink 838. In this configuration, the shunt module can first use an aggregator to aggregate network traffic flowing from paths 832 and 834 in an embodiment before copying and filtering the network traffic. In one example, data packet ABCD is received from path 832 and data packet GHIJ is received from path 834. The aggregator can merge the network traffic from the two paths before copying the data packet. Once the data packets have been copied, the shunt module can apply filtering to determine which data packets to retain and the destination of each data packet. For example, the user may have established a filtering rule that requires all emails (e.g., data packets A and H) to be processed by a monitoring tool connected to the monitoring device 842. Therefore, the data packet AH is transmitted to the monitoring tool via the monitoring port 842, and the data packet BCDGIJ is transmitted to the other group of monitoring tools via the monitoring port 840.

Since the shunt module 830 can process both incoming and outgoing traffic (i.e., data packets from the sources and the uplinks, respectively), network traffic congestion may occur. In one embodiment, the integrated switch offloading device 800 can include a buffering component, thereby enabling the shunting module 830 to handle potential network traffic congestion to the monitoring ports (840 and 842). In one example, the amount of data packets flowing to the monitoring port 840 can exceed the capacity that the monitoring port 840 can handle. In order to minimize network traffic congestion, a buffer component can be configured to buffer data traffic, thereby managing the flow of data to the monitoring ports. By implementing a buffering component, it is now possible to buffer data packets that may have been unintentionally discarded due to network traffic congestion in the prior art until the monitoring device is ready to receive the data packets.

In an embodiment, the integrated switch shunt device 800 can include an exchange wafer having a mirroring function. In other words, if the user wants to apply the filtering function of the swap chip, the user can choose to enable the mirroring function. Some additional monitoring features can be supported by providing the user with the option to select this mirroring feature. However, even if the CPU 802 is overloaded and the mirroring function is turned off, the user does not lose visibility of the network traffic because the network traffic is still copied by the offloading module 830 and thus does not depend on the CPU 802.

In another embodiment, if one of the upper chains is not associated with a shunt module, an outer stream can be configured to monitor network traffic flowing through the uplink. In an example, a third upper chain (not shown) is not associated with the shunt module 830. If the user wants to monitor network traffic flowing through the third uplink, the user can choose to connect an external side-by-side split configuration to the third uplink.

As can be seen from Figure 8, an integrated switch shunt device enables the network device to integrate the shunt and switch functions into a single device. The integrated switch splitter 800 as a single device occupies less physical space and/or consumes less power than a network switch with an external side-by-side split configuration. Moreover, as a single device, management of the network device is simpler than management of multiple network devices. In one example, when a single management 844 is provided, the administrator can configure and maintain the switching and offloading functions. In the prior art, managers may have the challenge of trying to integrate switching devices and shunt devices that may have different brands and models. However, when these two functions are included in a single device, the manager no longer needs to perform complex configurations in order to match the two functions to each other.

Figure 9 shows a simplified flow diagram of one of the steps for enabling monitoring within an integrated switch splitter in an embodiment of the invention. In order to facilitate the explanation, Fig. 9 will now be described with reference to Fig. 8.

In a first step 902, a shunt module receives a set of data packets. Consider the case where the switch wafer 804 is receiving network traffic via the network 808. After analyzing the data, the exchange wafer can transfer the set of data to an upper chain such as an upper chain 838. In an embodiment, the shunt module 830 can intercept the set of data packets.

In a next step 904, the set of data packets is processed. In an example, the shunt module 830 can copy the data after receiving the data.

Once the set of data packets has been copied, in a next step 906, the set of data packets can be forwarded to an upper chain.

In a next step 908, the set of data packets is forwarded to the next destination. In an example, the set of data packets can be forwarded to a router.

Returning to step 904, once the data has been copied, in a next step 910, the set of data packets can be filtered. In one example, the set of monitoring tools that are connected to the monitor 840 are only interested in email packets. Therefore, in step 912, the shunt module 830 does not transmit all of the network traffic to the monitoring port 840, but can filter out the e-mail packets and monitor the e-mail packets 埠 840 while Other data packets are directed to the monitor 842. In one embodiment, if network traffic congestion occurs on a surveillance device, a buffer component can be used to temporarily store data packets.

Once the data packets have flowed to their respective monitoring ports, in a next step 914, the data packets are output to the monitoring tool of the designated group.

As can be appreciated from one or more embodiments of the present invention, an integrated switch split configuration provides a user configurable monitoring environment. When a user-configurable shunt module is provided, the network administrator can control the type of data packet being monitored. By implementing switching and offloading functions within a single network device, routing and monitoring network traffic can exist simultaneously, and monitoring functions must not be sacrificed in order to preserve routing functionality because each function is controlled by a different processor. In addition, by integrating these functions into a single device, cost savings can be achieved by storing hardware for less physical space.

In one aspect of the present invention, the inventors understand that managers and/or technicians typically do not have access to statistics collected by such monitoring tools relating to high density network devices such as network switches. For example, in order to access the collected statistics, the administrator may have to come to a computer system and must log in to the system before deciding on the health of the network device. To facilitate monitoring, a quick and convenient method for capturing statistics such as usage rate per network can substantially reduce the amount of time IT personnel can spend supporting a network.

The inventors have understood herein that the above-described visual performance display configuration of a low-density network device such as a helium aggregator can also be applied to a high-density network device (for example, a network switch, a router, etc.) Device). In accordance with an embodiment of the present invention, a high density network device having a visual performance display configuration is provided.

Figure 10 is a block diagram showing a portion of a visual performance display configuration of a high density network device such as an integrated switch shunt device in an embodiment of the invention.

To facilitate monitoring of each network on a network device 1002, an indicator can be used to display the status of a network port. In an example, network device 1002 can include 32 network ports. Each of the network ports can be associated with a light emitting diode (LED) indicator (shown as a cluster of indicators 1026 in the figure). In one embodiment, the color of the LED indicator can provide a rapid state for each network. According to the color icon 1018, the red LED indicator represents a network that may require immediate attention. However, the yellow LED indicator can represent a network that may be of concern. However, a green LED indicator can indicate behavior as expected. For example, all network ports except the network port 19 have green LED indicators. Unlike the prior art, IT staff can quickly get a healthy state of the network and be able to handle abnormal conditions immediately.

In an embodiment of the invention, a network device 1002 having a visual performance display configuration 1004 can be provided to display various extremely important network parameters (eg, instant usage, average usage, peak peaks of traffic spikes, Network type of traffic type, and fault conditions). The visual performance display configuration 1004 can be a non-opaque viewing screen such as a liquid crystal display (LCD) screen.

In one embodiment, the network parameters for each network can be displayed. In one embodiment, an entry and exit of a network can be displayed. These network parameters can be displayed in text and/or graphical form.

In one embodiment, statistics relating to a network are periodically updated. Therefore, the information that can be displayed can reflect the real-time numbers. In an example, for network 埠1 (1006), the incoming instant usage rate is 52.250% (1008), and the outbound real-time usage rate is 46.122% (1010).

In another embodiment, the highest peak statistic for each network 亦可 can also be displayed. In one example, the highest peak of the incoming threshold of the network 埠1 is 53.500%, and the highest peak of the outgoing 埠1 is 47.252%. Because this information is readily available, IT staff can quickly determine the health of the network. With a visual performance display configuration, monitoring the health of the network will be more efficient because the network parameters can be obtained visually without having to use a computer to retrieve statistics related to the network.

Due to physical limitations, the size of the visual performance display configuration 1004 may only be able to visually display a limited amount of data. In an embodiment, statistics that can be displayed can be cycled. In other words, in order to be able to display statistics related to each network, different methods can be used to determine when network data can be recycled. In an example, statistics may be displayed based on a predetermined time period. In another example, a control component, such as a set of buttons 1012, can be used to enable an IT person to quickly retrieve the desired data parameters. As can be appreciated from the foregoing description, other physical embodiments, such as scroll wheels, can be used to scroll the statistics.

As can be appreciated from one or more embodiments of the present invention, the visual display configuration of a high density network device provides a rapid state of each of the network devices. With a visual display configuration, IT staff can maintain and monitor the health of the network. As a result, IT staff can be more efficient at monitoring the network and have more time to try to resolve anomalies that may require attention.

The invention has been described with reference to a number of preferred embodiments, and variations, modifications, and equivalents thereof are possible within the scope of the invention. While the specification is provided by way of example, the invention is not intended to

In addition, the name of the invention and the content of the invention are provided for convenience, and the name of the invention and the content of the invention should not be used to interpret the scope of the invention. In addition, the abstract is written in a very brief form, and the present invention is provided for convenience, and thus the abstract is not intended to be interpreted or limited to the invention as set forth in the appended claims. If the term "group" is used in this specification, the term will have its mathematical meaning as commonly understood, and encompasses zero, one, or more members. Please note that there are many alternative ways of implementing the methods and apparatus of the present invention. Accordingly, the scope of the invention is to be construed as being limited by the scope of the invention.

100. . . Network configuration

102. . . Ethernet switch

104. . . Ethernet router

106,200,300. . . Network splitter

108,114,218,222,324,832,834. . . path

110, 112, 116, 120, 206, 208, 210, 212, 302, 304. . . port

118,122. . . Monitoring device

202,306. . . Physical interface layer chip

214,230,232. . . line

216. . . Media access control terminal

220,224. . . Bus line

226. . . Passive circuit

308. . . Simplified billion-bit media independent interface bus

350. . . RX_CLK signal

352. . . RX_DV signal

312. . . Field programmable gate array

314, 316, 318, 320. . . counter

358,360,364,368,372. . . Falling edge

356,362,366,370. . . Rising edge

354. . . Valid data period

322. . . microprocessor

326. . . Visual display

500,1002. . . Network device

502,504,718,720,806,808,810,812,814,816,818,820,822,824,826,828. . . Network埠

506,508,724,726,840,842. . . Surveillance

510. . . Visual display configuration

600,700. . . Network switch

606,608,610,612,614,616,618,620,702,704,706. . . Source埠

604,804. . . Swap chip

630,632,708,710,836,838. . . Winding

622. . . Mirroring

624,728. . . Monitoring tool

602,802. . . Central processing unit

716. . . Splitter

722. . . router

800. . . Integrated exchanger splitter

830. . . Shunt module

844. . . Management

1026. . .埠 indicator

1018. . . Color icon

1004. . . Visual performance display configuration

1012. . . Button

The invention has been described by way of example and not limitation, and reference to the drawings

Figure 1 shows a simple network diagram with a network splitter.

Figure 2 shows a schematic diagram of a network splitter.

Figure 3A shows a simplified block diagram of a network splitter having a visual performance display configuration in an embodiment of the invention.

Figure 3B shows a simplified diagram of one of the RX_CLK and an RX_DV signals in an embodiment of the invention.

Figure 4 shows a simplified flow chart of one method for calculating usage in an embodiment of the invention.

Figure 5 illustrates an example of a network device having a visual performance display configuration in an embodiment of the present invention.

Figure 6 shows a simple block diagram of a switching device with mirroring functionality.

Figure 7 shows a simplified block diagram of a network switch having an external side-by-side split configuration.

Figure 8 shows a simplified overall view of a network switch having an integrated shunt configuration in one embodiment of the invention.

Figure 9 shows a simplified flow diagram of one of the steps for enabling monitoring within an integrated switch splitter in an embodiment of the invention.

Figure 10 is a block diagram showing a portion of a visual performance display configuration of a high density network device such as an integrated switch shunt device in an embodiment of the invention.

800. . . Integrated exchanger splitter

802. . . Central processing unit

804. . . Swap chip

806,808,810,812,814,816,818,820,822,824,826,828. . . Network埠

830. . . Shunt module

832,834. . . path

836,838. . . Winding

840,842. . . Surveillance

844. . . Management

Claims (20)

A configuration in a network device for monitoring network traffic, the configuration comprising: a set of network ports configured to receive the network traffic and output the network traffic from the network device At least one of the network 埠 includes at least one first network 埠; a first counter for tracking an instance of the valid data packet received in the first network , to generate the first counter data; a second counter for tracking the number of bytes received in the first network to generate second counter data; and logic configured to use the first counter data and the second counter data to determine One of the network parameters associated with the first network 进入 and one of the network parameters associated with the first network 出去, at least one of the outgoing values; a set of monitoring 埠, the set of monitoring 埠 is coupled to One or more monitoring devices; a shunt module configured to: at least intercept at least a portion of the network traffic flowing through the network device and forward the at least a portion of the network traffic The group monitors the middle At least one monitoring device; and a visual display module for displaying the entry value of the network parameter associated with the first network and the outgoing value of the network parameter associated with the first network One or more of them. The configuration of claim 1, wherein the visual display module is configured to simultaneously display the network parameter associated with the first network port The entry value and the outgoing value of the network parameter associated with the first network 。. For example, in the configuration of claim 1, wherein the offloading module includes a mirroring function, wherein the mirroring function includes: replicating the network traffic to forward the network traffic to the group of monitoring ports. For example, in the configuration of claim 1, wherein the shunt module includes a filtering function, wherein the filtering function includes: identifying a type of data packet from the network traffic for forwarding to the at least one of the monitoring ports Monitor 埠. The configuration of claim 1 further includes a control component for enabling a user of the configuration to select the first network from the group of networks for viewing the first network. The incoming value of the associated network parameter and the outgoing value of the network parameter associated with the first network 。. The configuration of claim 1, wherein the first counter is associated with a first signal received in the first network, and the second counter is associated with a second signal received in the first network And the logic configuration is further configured to correlate the first signal to the second signal for determining the incoming value of the network parameter associated with the first network and associated with the first network The outgoing value of the associated network parameter is at least one of the outgoing values. For example, in the configuration of claim 1, wherein the shunt module is disposed between the logical configuration and a set of uplinks, wherein the shunt module is configured to: intercept the network traffic first, and then the network Road traffic is sent to the The group is chained. The configuration of claim 7 further includes a second shunt module, wherein the second shunt module is disposed between the logic configuration and the at least one upper chain of the set of upper chains. The configuration of claim 1, further comprising a buffer component, wherein the buffer component is disposed between the shunt module and the set of monitoring ports, wherein the buffer component is at least configured to manage the monitoring of the group Network traffic. For example, in the configuration of claim 1, wherein the offloading module includes an aggregation function, wherein the aggregation function includes a data packet that is aggregated and received from the group of networks. A configuration in a network device having an internal current stream module for displaying statistics relating to network traffic passing through the network device, the configuration comprising: a power supply configuration for supplying power to the circuit of the network device a set of network ports configured to receive at least one of the network traffic and the network traffic output from the network device, the set of network ports comprising at least one first network port; a first counter for tracking an instance of a valid data packet received in the first network to generate a first counter data; a second counter for tracking a byte received in the first network a number to generate a second counter data; a logic configuration for using the first counter data and the second counter data to determine one of network parameters associated with the first network Entering a value and one of the network parameters associated with the first network 出去, at least one of; and a visual display configuration configured to display the network parameter associated with the first network 埠The entry value and one or more of the outgoing values of the network parameter associated with the first network. The configuration of claim 11 further includes a control component for enabling a user of the configuration to select the network from the group of networks to view the association with the first network The entry value of the network parameter and the outgoing value of the network parameter associated with the first network ,, wherein the visual display configuration is configured to simultaneously display the network associated with the first network 埠The entry value of the way parameter and the outgoing value of the network parameter associated with the first network port. The configuration of claim 11 further includes a control component for enabling a user of the configuration to select the network port to view the network parameter associated with the first network port The entry value and the outgoing value of the network parameter associated with the first network 。. The configuration of claim 11 wherein the statistic displayed on the visual display configuration is configured to cycle such that data associated with different network 该 of the set of network 显示 is displayed during different time periods, the statistic The data contains the information associated with the different networks of the group of networks. The configuration of claim 11 further includes a plurality of 埠 indicators associated with the plurality of network ports of the set of network ports, the plurality of 埠 indicators including a 埠 indicator configured to display The plural The status of each network in each network. The configuration of claim 15 wherein the 埠 indicator is a light-emitting diode (LED) 埠 indicator and is disposed adjacent to the network 埠 number. A method of monitoring network traffic through a high density network device, the method comprising: receiving a plurality of data packets from a group of network ports, the group of network ports comprising at least one first network port; Transmitting the packet to a logical configuration, wherein the logical configuration is configured to at least analyze the network traffic; and intercepting at least a portion of the plurality of data packets when the plurality of data packets are forwarded to a set of uplink packets, wherein the packet The uplink 埠 is configured to forward the plurality of data packets to other network devices, and the intercepting is performed by a shunt module; generating a set of data packets, wherein the data packet includes the at least one of the plurality of data packets a part, wherein the data packet is generated by the shunt module; the data packet is transmitted to a group of monitoring devices; and an instance of the valid data packet received in the first network is tracked to generate a first counter data; Tracking the number of bytes received in the first network to generate second counter data; using the stylized device, the first counter data, and the second meter Device information to the decision to enter one of the values associated with the first network port network parameters And at least one of the one of the network parameters associated with the first network port; and using a visual display device to display the entry value of the network parameter associated with the first network port and One or more of the outgoing values of the network parameter associated with the first network. The method of claim 17, wherein the displaying step comprises simultaneously displaying the entry value of the network parameter associated with the first network and the network parameter associated with the first network Go out and value both. The method of claim 17, further comprising the steps of: filtering the group of data packets, and then transmitting the group of data packets to the group of monitoring devices, wherein the filtering comprises the group according to a user configurable condition. The data packet is separated into a complex array data packet. The method of claim 17, further comprising: if the group of monitoring devices cannot receive the data packet of the group, buffering the data packet of the group.